https://orcid.org/0000-0002-8382-9724
![Sample our Social Sciences journals, sign in here to start your FREE access for 14 days]({"type":"image" , "src" : "/sda/110822/TOC-Subject-Sample-2021-Social-Sciences.jpg"})
ABSTRACT
In the wake of the digital revolution and connected technologies, societies store an ever-increasing amount of data on humans, their preferences, and behavior. These modern technologies create a trust challenge, insofar as individuals have to trust data collectors such as private organizations, government institutions, and researchers that their data is not misused. Privacy regulations should increase trust because they provide laws that increase transparency and allow for punishment in cases in which the trustee violates trust. The introduction of the General Data Protection Regulation (GDPR) in May 2018 – a wide-reaching regulation in EU law on data protection and privacy that covers millions of individuals in Europe – provides a unique setting to study the impact of privacy regulation on trust in data collectors. We collected survey panel data in Germany around the implementation date and ran a survey experiment with a GDPR information treatment. Our observational and experimental evidence does not support the hypothesis that the GDPR has positively affected trust. This finding and our discussion of the underlying reasons are relevant for the wider research field of trust, privacy, and big data.
Disclosure statement
No potential conflict of interest was reported by the author(s).
Notes
1 While the term data-sharing implies an action on part of the person sharing the data, we use the term to also designate the passive and unconscious sharing of data.
2 The GDPR was adopted by the Council of the European Union on 8 April 2016 and on 14 April 2016 by the European Parliament. Subsequently, the regulation entered into force on 24 May 2018 and its provisions became directly applicable in all member states on 25 May 2018. As the GDPR is a regulation, not a directive, it is directly binding and applicable in all member states (European Commission, Citation2019b).
3 A non-peer-reviewed study by Sobolewski and Paliński (Citation2017) surveys students from Warsaw University (N = 143) and presents them with a choice tasks to explore which aspects of the GDPR policy (e.g., the right to be forgotten or the right to migrate personal data) are perceived as more valuable. A non-peer-reviewed report by Aldighieri (Citation2018) based on survey data (N = 1001) explores consumers’ attitudes towards and perception of the GDPR from a consumer perspective.
4 We also add to a more general literature on ‘policy feedback.’ A vast literature has investigated feedback effects at the level of states and political elites (Campbell, Citation2012, p. 334). Research on policy feedback effects on mass publics centers on social welfare policy following the idea that it is one of the policy areas most salient to ordinary individuals (Campbell, Citation2012, p. 336). At first glance, privacy and data rights represent a less salient policy area. However, 2018 has seen several high-level scandals, e.g., the Cambridge Analytica Scandal that erupted in March 2018 that may have increased the salience of such topics. As far as we know, our study is the first to investigate policy effects in this policy subfield, and we situate it within broader research in this area.
5 Importantly, trust is here understood as a simple expectation that B behaves according to A's preference. Some accounts define trust as believing in the benevolence of a trustee. However, the understanding here simply pertains to expectations regarding B's behavior. Certainly, aside from third parties with sanctioning power, knowing that B has been trustworthy in the past or has other attributes may also affect A's trust. And even if I don't trust some organization, I might still decide to share data with it, for instance, because I have no other option, e.g., if this organization has a monopoly and I need its services.
6 There are various websites that provide GDPR enforcement data, e.g., https://www.enforcementtracker.com/.
7 For an explanation of the data underlying Google Trends, see Rogers (Citation2016).
8 The sample was recruited using quotas for age, gender, and smartphone ownership. Only respondents who reported living in Germany were included in the sample. See Table A1 for statistics on how many respondents were discarded for various reasons.
9 In Wave 1 we used two different versions of the trust question, the standard trust scale depicted above and a subjective probability scale: On a scale of 0% = ‘event will certainly not happen’ to 100% = ‘event will certainly happen’, how likely do you think it is that B uses your personal for internal purpose only, that is, not share the data with third parties?. Respondents were randomly assigned to the two different scales and previous research indicates that it does not matter whether respondents answer on the normal scale or the probability scale (Bauer et al., Citation2019).
10 The data was coded by one coder (#1). We tested inter-coder reliability for a random subset of 200 responses which were coded by a second rater #2. The Cohen's kappa for the two ratings lies at 0.89 (rater #2 coded 191 out of 200 responses in the same way as rater #1). Out of 6258 responses to the GDPR knowledge question across the three waves, 3793 responses were ‘Yes’, out of which 3683 provide some form of open-ended response to the probing question (only 110 didn't). Answers ranged from very short ones (single words) to very long ones (the answer with the most words has 216; Median: 6 words, Mean: 8.6 words). Across all waves, out of the 3793 respondents who answered ‘Yes’ to the closed question on GDPR knowledge, our coding of open-ended responses declares 1250 respondents to not have provided an answer showing substantive understanding of the GDPR's content.
11 Analyses were conducted in R. Tables were generated using the Stargazer R package (Hlavac 2014).
12 Device ownership has been shown to be strongly related to measures of digital literacy (Hargittai et al., Citation2019).
13 We also explored whether the effect of GDPR awareness is heterogeneous, i.e., is stronger among subsets of our sample that are high or low in digital literacy (operationalized through the number of devices they possess: high = number of devices ≥4 (N = 247) and low = number of devices ≤2 (N = 459)). This was not the case.
14 Overall, it appears that awareness levels in our study are similar to those in other studies. On 1 March 2018 YouGov reports that around three quarters (72%) of British adults haven't heard of GDPR (Glanville Citation2018).
15 We also explored whether the effect of GDPR awareness is heterogeneous, i.e., is stronger among subsets of our sample that are high or low in digital literacy (operationalized through the number of devices they possess: high = number of devices ≥4 (N = 247) and low = number of devices ≤2 (N = 459)). This was not the case. In addition, we further explore the relationship between generalized trust, privacy concern, and our trust judgments. Figure A5 depicts a correlation matrix and correlations reach a maximum of 0.4, relevant but not particularly high in our view. In additional analyses, we re-estimated our difference-in-differences models using generalized trust and privacy concern as outcome variables (see reproduction files). We do not find effects reflecting the findings for our trust judgments.
Additional information
Funding
Notes on contributors
Paul C. Bauer
Paul C. Bauer is a research fellow at the Mannheim Centre for European Social Research and pursues research in political behavior, political communication, and computational social science. His current research interests comprise the believability of misinformation and the social media activity and influence of politicians. His work has appeared in Political Communication, Public Opinion Quarterly, Political Behavior, PLOS One, and the European Sociological Review. E-mail: [email protected].
Frederic Gerdon
Frederic Gerdon is a doctoral researcher at the Mannheim Centre for European Research at the University of Mannheim, Germany, and at the Department of Statistics of the Ludwigs Maximilians University Munich, Germany. He currently researches social consequences of digitization and algorithmic decision-making, with a particular focus on social inequality and privacy, and mainly employs quantitative methods such as survey experiments. E-mail: [email protected].
Florian Keusch
Florian Keusch is a Professor (interim) of Statistics and Methodology at the University of Mannheim, Germany, and Adjunct Assistant Professor at the Joint Program in Survey Methodology (JPSM), University of Maryland, U.S. His current research interests comprise nonresponse and measurement error in (mobile) Web surveys and passive mobile data collection and attitudes towards data sharing. His work has been published in Sociological Methods & Research, Public Opinion Quarterly, and Social Science Computer Review. E-mail: [email protected].
Frauke Kreuter
Frauke Kreuter is Professor of Statistics and Data Science for the Social Sciences and Humanities at the Ludwig-Maximilians-University of Munich (Germany) and co-director of Data Science Centers at the University of Maryland (USA) and Mannheim (Germany). Current research interests comprise data quality, privacy, and the combination of multiple data sources for statistics production. Her work has been published in the Annual Reviews of Statistics and its Application, Harvard Data Science Review, and Public Opinion Quarterly. E-mail: [email protected].
David Vannette
David Vannette is a Visiting Scholar in Political Science at the University of California, Davis. His current research interests include question and questionnaire design, survey nonresponse, and measurement error in a global context, primarily in mobile web surveys. He also has an interest in political psychology and has recently published on the psychological experiences of Latina/o immigrants to the U.S. His work has been published in the American Journal of Political Science, Journal of the Royal Statistical Society, Policy Studies Journal, Research Quality Forum, several book chapters, and recently edited the Palgrave Handbook of Survey Research. E-mail: [email protected].